1. Field of the Invention
The present invention relates to peripheral devices for restricting access from terminal devices connected via networks and access control methods for the peripheral devices.
2. Description of the Related Art
Recently, along with the diversification of peripheral devices, so-called multifunction peripherals (MFPs) having printer functions, scanner functions, copier functions, etc., have been developed. There are MFPs which have means for inserting memory cards, so that images of image files stored in a memory card can be printed by the printer functions. There are also MFPs allowing computers (hereinafter referred to as PCs) connected thereto to read files stored in memory cards inserted in the MFPs and edit the read files.
In addition, it has become possible that an MFP and a plurality of PCs are connected to the same network so that the PCs can receive service provided through various functions of the MFP. That is, one MFP can be shared by a plurality of PCs over a network.
Sharing an MFP among a plurality of PCs over a network increases convenience. In such an environment, however, it is likely that confidential information is also shared. To address this security concern, a technique for providing an access restriction function and an authentication function may be employed.
For example, Japanese Patent Laid-Open No. 2003-discloses a system in which an authentication device having authentication capability is connected to an MFP. In this authentication device, identification information for identifying PCs is displayed on a display based on the device addresses sent from individual PCs over a network. Then, when an administrator of the MFP selects one of the PCs to be permitted to receive a predetermined service based on the displayed identification information, the device address corresponding to the identification information of the selected PC is sent to a service providing device for controlling provision of the services of the MFP. In this service providing device, the device address sent from the authentication device is stored, and when this device address matches a device address sent from a PC, a service request is permitted and this PC is registered in the service providing device.
This system allows the administrator of the MFP to arbitrarily register a PC to be permitted for communication and service requests without manually performing complicated operations such as registration of MAC addresses, and thus realizes an address restriction function and a MAC address filtering function.
In addition, Japanese Patent Laid-Open No. 2003-69573, for example, discloses a technique in which a memory card storing predetermined information is inserted in a PC connected to a network so that the PC is operable in the network.
Japanese Patent Laid-Open No. 2003-223307, for example, proposes a technique in which an access restriction function is provided in a copying machine, and when the copying machine receives an access request from a PC connected to a network, the access limiting function extracts an IP address and a MAC address for identifying the source of the access request and checks if the IP address and MAC address match addresses stored in an external storage unit or the like. In accordance with the checking result, the PC is permitted for network operations.
Moreover, in view of copyright protection, a technique has been proposed for controlling types of an access operation such as copying and storing of multimedia information to be accessed, in a data recording/reproducing system for multimedia information. Specifically, as disclosed in Japanese Patent Laid-Open No. H11-219320, for example, based on the identification information identifying the source of data to be accessed and access control information containing access information specifying the type of access to the data, which are set in an external device or the like, the type of access to the data is controlled.
Furthermore, a technique has been proposed for realizing authentication for access to a memory card by providing the memory card with a control IC, a flash memory, and a ROM storing the following information. Specifically, as disclosed in Japanese Patent Laid-Open No. 2001-14441, the ROM stores a medium ID unique to the memory card and the flash memory includes an authentication area for permitting access from an external device only when the authentication of the external device is successful and a non-authentication area for permitting access regardless of authentication results. The control IC has a control unit controlling access from external devices to the authentication area and the non-authentication area, an authentication unit executing mutual authentication with the external devices, etc.
According to the technique disclosed in Japanese Patent Laid-Open No. 2003-110551, a terminal to be permitted to use all services provided by an MFP can be set. However, the technique does not allow setting or control of access permission for each service or function of the MFP.
In addition, according to the technique disclosed in Japanese Patent Laid-Open No. 2003-69573, only a network terminal having inserted therein a card storing predetermined information is operable in a network system, and access to the network terminal from other network terminal devices is not restricted.
Further, in the technique disclosed in Japanese Patent Laid-Open No. 2003-223307, when an external storage device, such as a memory card, is inserted in a copying machine, only a terminal having an address identical to an address registered in the external storage device can be permitted for network operations on the copying machine. However, this technique does not take into account information other than the address information stored in the external storage device and protection of the stored information.
Moreover, the technique disclosed in Japanese Patent Laid-Open No. H11-219320 allows access operations corresponding to the content of copyright of multimedia information and consequently realizes a protection function effective for the copyright. However, the technique does not control permission and prohibition of access operations for each terminal device. Specifically, the technique can realize only control as to whether copying of information to be accessed is permitted or only reading of the information is permitted and does not perform access control particularly in accordance with individual information terminals connected to a network.
Furthermore, according to the memory card disclosed in Japanese Patent Laid-Open No. 2001-14441, while a file stored in the non-authentication area is unprotected and can be freely accessed, a file stored in the authentication area is secured since it can be accessed only from devices that have been successfully authenticated. However, when this memory card is inserted in an external device connected to a network, terminal devices connected to the same network may be permitted to access the authentication area only if the terminal devices are successfully authenticated. In addition, the technique does not take into account whether other network terminals access the external device with the memory card inserted therein.
As described above, a memory card inserted in an MFP connected to a network conveniently enables access from an arbitrary information terminal device such as a PC over the network. However, such a memory card has a security problem. Specifically, in the use of the memory card, it is likely that a file in the memory card is read by an unexpected user, or that a file desired to be saved is edited, copied, or even worse, deleted. In particular, since a memory card often stores images captured by a digital camera and corresponding additional information, it is of great concern that the stored information is viewed or edited by unexpected users.
Thus, it is desirable that access to a memory card storing image data is permitted to only a specific user. However, if the memory card is not inserted in a peripheral device, the printing function described above may not be effectively used. In addition, if access to the memory card having no file stored therein is strictly restricted, the advantage of inserting the memory card in the peripheral device connected to a network is degraded.
Moreover, it is convenient that various service functions of an MFP connected to a network can be used by PCs, etc. connected to the same network. However, for example, the use of the printer function of the MFP by unintended users results in a significant increase in consumption of printer supplies such as printing sheets and ink. Further, a document placed on an original plate of the MFP or a scanned document left on the original plate may be scanned by an unintended user using the scanner function accessed via the network.
Although the access restriction functions for MFPs have been proposed as described above, the access restriction function may be changed without permission even after it is appropriately set.
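The gaps named above (address registration that unlocks every function of the device, and operation-type rules that never consult the requesting terminal) can be made concrete by evaluating the same requests under each model. The following is an added illustration, not code from this document or the cited publications; the function names, addresses and policy tables are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    ip: str
    mac: str
    function: str  # "print", "scan", "card_read", "card_write" (hypothetical names)

    @property
    def terminal(self):
        # Normalise MAC case so "0A" and "0a" identify the same terminal.
        return (self.ip, self.mac.lower())

# Constructed sample data (documentation-range IPs, locally administered MACs).
PC_A = ("192.0.2.10", "02:00:00:00:00:0a")
PC_B = ("192.0.2.11", "02:00:00:00:00:0b")
REGISTERED = {PC_A, PC_B}                    # address-only registration
GLOBAL_OPERATIONS = {"print", "card_read"}   # operation-type rule, same for all
PER_TERMINAL = {                             # terminal -> permitted functions
    PC_A: {"print", "scan", "card_read", "card_write"},
    PC_B: {"print"},
}

def address_only(req):
    """Registered address pair => every function of the device is permitted."""
    return req.terminal in REGISTERED

def operation_only(req):
    """Operation type decides; the requesting terminal is never consulted."""
    return req.function in GLOBAL_OPERATIONS

def per_terminal_function(req):
    """Default deny: unknown terminals and unlisted functions are refused."""
    return req.function in PER_TERMINAL.get(req.terminal, frozenset())

def overgrants(requests):
    """Requests a coarse model permits although the fine-grained policy denies."""
    found = []
    for req in requests:
        coarse = [n for n, check in (("address_only", address_only),
                                     ("operation_only", operation_only)) if check(req)]
        if coarse and not per_terminal_function(req):
            found.append((req, coarse))
    return found

SAMPLE = [
    Request("192.0.2.10", "02:00:00:00:00:0A", "card_write"),  # PC_A, permitted
    Request("192.0.2.11", "02:00:00:00:00:0b", "card_read"),   # PC_B reading the card
    Request("192.0.2.99", "02:00:00:00:00:63", "card_read"),   # unregistered terminal
    Request("192.0.2.11", "02:00:00:00:00:0b", "scan"),        # PC_B using the scanner
]
```

Calling overgrants(SAMPLE) returns the three requests that a coarse model lets through, each with the name of the model or models that permitted it.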